# from https://github.com/aquasecurity/trivy-operator/tree/v0.15.1/deploy/helm/crds
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.9.2
  creationTimestamp: null
  name: exposedsecretreports.aquasecurity.github.io
spec:
  group: aquasecurity.github.io
  names:
    kind: ExposedSecretReport
    listKind: ExposedSecretReportList
    plural: exposedsecretreports
    shortNames:
    - exposedsecret
    - exposedsecrets
    singular: exposedsecretreport
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: The name of image repository
      jsonPath: .report.artifact.repository
      name: Repository
      type: string
    - description: The name of image tag
      jsonPath: .report.artifact.tag
      name: Tag
      type: string
    - description: The name of the exposed secret scanner
      jsonPath: .report.scanner.name
      name: Scanner
      type: string
    - description: The age of the report
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: The number of critical exposed secrets
      jsonPath: .report.summary.criticalCount
      name: Critical
      priority: 1
      type: integer
    - description: The number of high exposed secrets
      jsonPath: .report.summary.highCount
      name: High
      priority: 1
      type: integer
    - description: The number of medium exposed secrets
      jsonPath: .report.summary.mediumCount
      name: Medium
      priority: 1
      type: integer
    - description: The number of low exposed secrets
      jsonPath: .report.summary.lowCount
      name: Low
      priority: 1
      type: integer
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: ExposedSecretReport summarizes exposed secrets in plaintext files
          built into container images.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          report:
            description: Report is the actual exposed secret report data.
            properties:
              artifact:
                description: Artifact represents a standalone, executable package
                  of software that includes everything needed to run an application.
                properties:
                  digest:
                    description: Digest is a unique and immutable identifier of an
                      Artifact.
                    type: string
                  mimeType:
                    description: MimeType represents a type and format of an Artifact.
                    type: string
                  repository:
                    description: Repository is the name of the repository in the Artifact
                      registry.
                    type: string
                  tag:
                    description: Tag is a mutable, human-readable string used to identify
                      an Artifact.
                    type: string
                type: object
              registry:
                description: Registry is the registry the Artifact was pulled from.
                properties:
                  server:
                    description: Server the FQDN of registry server.
                    type: string
                type: object
              scanner:
                description: Scanner is the scanner that generated this report.
                properties:
                  name:
                    description: Name the name of the scanner.
                    type: string
                  vendor:
                    description: Vendor the name of the vendor providing the scanner.
                    type: string
                  version:
                    description: Version the version of the scanner.
                    type: string
                required:
                - name
                - vendor
                - version
                type: object
              secrets:
                description: Exposed secrets is a list of passwords, api keys, tokens
                  and others items found in the Artifact.
                items:
                  description: ExposedSecret is the spec for a exposed secret record.
                  properties:
                    category:
                      type: string
                    match:
                      description: Match where the exposed rule matched.
                      type: string
                    ruleID:
                      description: RuleID is rule the identifier.
                      type: string
                    severity:
                      description: Severity level of a vulnerability or a configuration
                        audit check.
                      enum:
                      - CRITICAL
                      - HIGH
                      - MEDIUM
                      - LOW
                      type: string
                    target:
                      description: Target is where the exposed secret was found.
                      type: string
                    title:
                      type: string
                  required:
                  - category
                  - match
                  - ruleID
                  - severity
                  - target
                  - title
                  type: object
                type: array
              summary:
                description: Summary is the exposed secrets counts grouped by Severity.
                properties:
                  criticalCount:
                    description: CriticalCount is the number of exposed secrets with
                      Critical Severity.
                    minimum: 0
                    type: integer
                  highCount:
                    description: HighCount is the number of exposed secrets with High
                      Severity.
                    minimum: 0
                    type: integer
                  lowCount:
                    description: LowCount is the number of exposed secrets with Low
                      Severity.
                    minimum: 0
                    type: integer
                  mediumCount:
                    description: MediumCount is the number of exposed secrets with
                      Medium Severity.
                    minimum: 0
                    type: integer
                required:
                - criticalCount
                - highCount
                - lowCount
                - mediumCount
                type: object
              updateTimestamp:
                description: UpdateTimestamp is a timestamp representing the server
                  time in UTC when this report was updated.
                format: date-time
                type: string
            required:
            - artifact
            - scanner
            - secrets
            - summary
            - updateTimestamp
            type: object
        required:
        - report
        type: object
    served: true
    storage: true
    subresources: {}
